No idea who owns them, but I guarantee you there will not be any (successful) lawsuits over this. The prime argument they will give, is that because breaches are so common today, your information was already exposed, therefore you can't suffer a loss due to their negligence.
Until stronger information security laws come about, nothing will change. I am an infosec consultant, and I assure you, that is a slippery slope that most legislators won't go down.